How to respond to this incident
This morning, my father and aunt experienced a cybersecurity incident, or at least I speculate so, as the behavior of the following case is strange:
My father received a text message (traditional SMS) with ASCII characters and emojis from my aunt, as if she had sent it.
My father opened WhatsApp and sent her a screenshot to clarify if she sent him this text message, and to ask what it meant.
In their chat, a voice note appeared on my aunt's side as if she had sent it. The voice note is just noise and someone speaking in a language I can't distinguish.
I've spent the last hour thinking about how to respond to this incident. Both phones are Android. I've come here to ask for suggestions on how to address this problem and if anyone knows about these issues. I understand that text messages can be spoofed very easily, especially SMS messages. I've thought about monitoring network traffic to look for any suspicious domains and confirm the incident. I've never extracted an image from a phone, but I assume I could learn how to do it and investigate further. Lastly, what do you suggest? It seems strange to me that a threat actor would behave in this way, unless they're a troll or someone who just wants to cause trouble.
I look forward to your responses. Thank you very much for taking the time to read this post!
